Translated Press Release: IT Security is increasingly dominated by Geopolitics
DeepSec and DeepINTEL conference open call for papers – submission for lectures and trainings are in demand.Anyone who reads the technology part of their favourite magazine can hardly escape the promises of future network technologies. Your own car becomes a smartphone. The talking fridge becomes a therapist. 5G mobile networks promise high-speed fibre optic streaming of data on the speed-limited electric scooter. The second reading reveals the meaning of the letter G in 5G – it stands for geopolitics. As part of the network expansion, there are discussions about hidden killswitches for emergency shutdowns, entire networks and backdoors to eavesdrop on customers. In November, the DeepSec In-Depth Security Conference addresses the technical challenges of the Internet of Things, emerging network technologies, and geopolitical constraints dictated by key events of the last 6 years.
5G as a continuation of the Trade Wars
There are very few mobile network technology providers worldwide. The name Huawei has been mentioned quite often in recent months in the news coverage. The benefits of the offered products or the actual implementations of the new mobile radio standard 5G are seldom discussed. Instead, it is about the charge of secretly built emergency shutdowns that can paralyze the entire mobile network of an operator in one fell swoop. And about accusations of supposedly hidden code that allows remote access and copying of data from the network. Equipped with many allegations without concrete evidence, an exclusion of Chinese telecommunications equipment is currently being discussed in certain Western countries. The worries are justified, nevertheless they are familiar to security researchers. Almost all computers used in Europe and elsewhere seldom come from the countries where they actually do their work. The chips, the firmware and many other hardware and software ingredients are being built elsewhere. Since in the last decades one had systematically refrained from questioning,, let alone understand, the content of the box behind the keyboard or touchscreen, the allegations are driven by imagination.
IT security research can only counter this with facts and solid research. Robert Hannigan, former head of the British intelligence service GCHQ, has confirmed that the National Cyber Security Center (NCSC) has spent many years concerning themselves with components from Chinese supply chains. So far, according to his statement, there has been no evidence of government-mandated covert attacks by Huawei hardware. Since 2010 NCSC has access to the source code of the products with the help of the Huawei Security Evaluation Center (HSEC). The purpose behind this is certification by the NCSC before technology can be used in sensitive areas. Herewith, Robert Hannigan directly contradicts the allegations from the US and the assessment of Gerhard Schindler, the former president of the German Federal Intelligence Service (BND). In addition, critics are ignoring the legal surveillance interfaces already required in Europe, standardized by the European Telecommunications Standards Institute (ETSI). Incidentally, these specifications apply to all providers who want to build networks in Europe.
Intranet instead of Internet
The current news situation therefore illustrates very well what you should pay attention to in information security. Securing your own data has long ceased to be done with individual isolated considerations. Also, the DeepSec conference has a long history of mobile security research, from the first public release of vulnerabilities in the A5/1 encryption algorithm (between phone and cell) to security issues with smartphones. This area is just one example, and has gained immense importance due to the rapid spread of mobile technology. To revisit the discussed Killswitch in networks: The idea to control information networks in a national emergency is not new. President Franklin D. Roosevelt has already implemented this in the Communications Act of 1934. At that time it was about media. In the proposed Protecting Cyberspace as a National Asset Act of 2010, one wanted to do the same for the Internet, with the difference of a shutdown rather than control. The proposed law of 2010 fell without getting votes, because the technical implementation was not clear and still is not. The idea to paralyze communication networks at will with a simple switch worked well on the movie screen or on TV in the past – unfortunately, now information is streamed via the Internet.The alternative is a strictly national network. The Iranian government is working on an Iranian intranet, spurred on by the protests in 2009. The Chinese firewall is trying to do something similar, albeit through rigorous filters driven by newsrooms. Russia is currently also testing to disconnect from the Internet. The communication networks will still work then, but they plan to separate them from the rest of the world. De facto, this is the low-fat variant of the Killswitches. Both approaches demonstrate how enormously important the Internet has become – it can not be ignored anymore. This is even more true for companies than for countries.
Digital Realism
Realistically, it makes little sense to make the own population and the state first dependent on a network, and then to turn it off again. The longing for local networks proves that. In companies it is no different. Data must be exchanged and communication must take place. Serious information security must therefore investigate how the integrity of the infrastructure and data can be maintained even in adverse circumstances. The most important point is the secure design of applications right from the start. At the past DeepSec conferences there were plenty of lectures and training courses for developers and planners. IT Security has the reputation of being sort of a stumbling block. In fact, the opposite is true. Past security incidents and published documents about organized vulnerabilities such as those revealed by Edward Snowden are and have been essential building blocks for improving security in our everyday lives. The prerequisite for this is, paradoxically, a free exchange between security researchers. A national intranet, bans on cryptographic algorithms, filters on published content or similar restrictions are therefore the most uncertain counterpoint to the necessary security in the digital world.Therefore, the DeepSec conference explicitly does not only want to address security experts. The penetration of digital networks requires the involvement of companies, developers, the hacker community, authorities, users, infrastructure managers, designers and interdisciplinary scientists for a sensible further development of IT security measures. People in advisory capacity are expressly invited to participate in the exchange of experiences and ideas in Vienna in November.
Contributions wanted – Call for Papers
The DeepSec conference plans to focus this year on the link between geopolitics and information security. Therefore, until July 31 2019, we are looking for lectures on technologies that affect both worlds. Specifically, the challenges for industrial and control systems, the Internet of Things, all mobile communication technology (from car to telephone), the use of algorithms and modern data management. We are currently experiencing an accelerated mixing of new and existing methods. Security researchers are in demand who creatively deal with the current possibilities and point out weaknesses. Risks can only be managed if you know them. The program committee is therefore looking forward to as many submissions as possible, which scrutinize trends and so-called future technologies under the digital microscope.The two-day trainings before the DeepSec conference are also part of the call for papers. Trainers who want to share their knowledge are welcome to submit courses. Accepted courses are announced ahead of time to help participants plan their bookings.
Programs and booking
The DeepSec 2019 conference takes place on the 28th and 29th of November.
At the same time, the ROOTS 2019 lectures will be held in a separate room next to the DeepSec conference. The DeepSec trainings will take place on the two preceding days, 26th and 27th of November.
The DeepINTEL conference will take place on November 27th.
Upon request to deepsec@deepsec.net we’ll be glad to send you the program.
Tickets are available on the website https://deepintel.net/.
The venue for DeepSec, DeepINTEL and ROOTS 2019 is The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
Submissions can be made at https://deepsec.net/cfp.html. The current program of events will be announced after the submission deadlines.
Tickets for the DeepSec conference as well as ROOTS 2019 and DeepSec trainings can be ordered at any time at https://deepsec.net/register.html.